Penetration Testing mailing list archives

Re: [PEN-TEST] Firewall identification and penetration

From: Jeffrey Denton <dentonj () C2I2 COM>
Date: Wed, 6 Sep 2000 22:45:19 -0700

On Wed, 6 Sep 2000, Ben Lull wrote:

Everyone I've worked with
(people with 20 years under their belts w/ degrees up the wazoo) to the newbies who
picked up a book and learned how to fdisk and fsck never had a clue about security.
For example, a previous place I was employeed at had a almost genious
administrator... he could fix anything while tweaking performance levels to
unbelivable bounds.  The problem was, you could break root on the system about 17
different ways (litterally).


If you think about it, computer security has become a hot topic only
recently.

When the internet first came about, security was not even
thought of.  It wasn't until the Morris Worm that people even considered
computer security.  Even then, only the ones that were affected took note
( the sysadmins that had to clean up the mess ).  So you had a whole
generation of computer users and sysadmins who never learned about
computer security until late in their careers.  Sometimes it's hard to
teach an old dog a new trick.  I've worked with one individual who liked
to run just about ever service available on his machines ( even if it
was not being used ).  His thinking ( left over from when he learned about
computers ) was it enabled him to come up with solutions to problems
quicker.  Now days this attitude has some serious problems, but this was
not true 10 years ago.

Until recently, finding information on computer security was
difficult.  The only information available was from hackers/crackers/what
ever your favorite term is.  And the information that was available was
not easily digestable.  You first had to learn how to break into your
system, and then you had to figure out, on your own, how to stop
it.  Today, it's hard not run accross information on computer
security.  10 years ago, this information was hidden in BBS's, obscure
sites, and a very few knowledgeable heads.  Now it's daily front page news
on all of the major web sites.  This mainly has to due with ever growing
number of computer breakins and the large amount of publicity they are
receiving.  If we didn't have this problem today, then we would be as
clueless and insecure as we were 10 years ago.

So when you start complaining about old timers lacking any security
awareness, think about where they have come from.  Then try to teach those
old dogs some new tricks.

Jeff

Current thread:

Re: [PEN-TEST] Firewall identification and penetration Mike Ireton (Sep 02)
- Re: [PEN-TEST] Firewall identification and penetration Ben Lull (Sep 06)
  - [PEN-TEST] Evaluating Auditors Abilities Derrick (Sep 07)
    - Re: [PEN-TEST] Evaluating Auditors Abilities Steve (Sep 07)
    - Re: [PEN-TEST] Evaluating Auditors Abilities Domenico De Vitto (Sep 07)
    - Re: [PEN-TEST] Evaluating Auditors Abilities Teicher, Mark (Sep 07)
    - Re: [PEN-TEST] Evaluating Auditors Abilities Max Vision (Sep 08)
    - Re: [PEN-TEST] Evaluating Auditors Abilities Deri Jones (Sep 08)
  - Re: [PEN-TEST] Firewall identification and penetration Jeffrey Denton (Sep 07)
    - Re: [PEN-TEST] Firewall identification and penetration Gary E. Miller (Sep 07)